Dropbox for paranoiacs

Like many people, I have a Dropbox account; it comes in handy for sharing files with collaborators. However, Dropbox has one significant problem: that of trust. It is a closed-source program, running a proprietary protocol; the user has no means of verifying its operation or its security, and thus using it is giving an opaque program access to one's system, and having faith that (a) it only does what it says it does (i.e., synchronising a directory tree of files between machines), (b) it cannot be quietly subverted by its creators to do other things without one's consent, and (c) it has no security holes that a third party could exploit to pwn all your stuff.

Other people have noticed this as well, and there are severalexistingarticles on ways of compartmentalising Dropbox on a Linux system. These articles generally rely on running it in a chroot jail, restricting its filesystem access to an isolated subtree. The problem with this is that chroot is a thin layer of defense against an untrusted application; it only restricts access to the filesystem, and there have been ways to break out of it; if an attacker can get root privilege, they can get out. In short, trusting chroot to secure an untrusted application is a leap of faith.

Fortunately, chroot is not the only possibility these days; with improving CPU performance and the falling cost of RAM, a moderately powerful computer has enough power to run several virtual machines, each one running its own isolated operating system. These can be run using the freely available VirtualBox application, which is able to run its virtual machines in headless mode. In other words, it is possible to devote a small amount of memory, disk space and CPU power to simulating a small dedicated Linux box dedicated to running a Dropbox client. This box can run a NFS server, through which you can access your Dropbox files from your main machine as if they were stored locally. And, should the Dropbox client turn out to be, or be compromised by, malware, it has access to literally nothing more than a freshly-installed Linux box running itself.

The process has multiple stages: one will need to create a virtual machine, install Linux on it, install the Dropbox client (and configure it to connect to one's account), set up networking and NFS to get at one's files, and configure the host system to automatically start the virtual machine at boot time. In my example, I am using the Debian Linux distribution (in particular, Debian Jessie 8.2.0); the instructions will differ for other distributions.

Setting up the VM

First, you will need a user account on your host machine under which the VM will be started; given that, once the process is complete, it will be automatically started at boot time, it is probably a good idea to not run it under your personal account. Let's call this account vmmaster, and put its home directory (including the virtual machines it will manage) under /var/local/VMs; so, as root, do:

Once this is done, you can create the virtual machine. It is probably best to do this initially with the VirtualBox graphical interface; once the machine is set up, it can be started headless. (If you don't have VirtualBox and its kernel drivers installed yet, you will need to install them.) First, give the vmmaster user temporary access to your X11 display by entering, in your normal user shell, the command:

xhost +SI:localuser:vmmaster

Then, as root, become vmmaster and start VirtualBox:

su -s /bin/sh vmmaster
virtualbox

The VirtualBox GUI should then appear. In the network preferences, make sure that there is a host-only network available, as you will need this for communication between the VM and the host.

Create a new VM (giving it, say, 6Gb disk and 256Mb RAM; you may also want to constrain it to use at most, say, 40% of the host's CPU) and give it a name, e.g., “dropjail”; attach the “Debian 8.2.0 netinst” CD-ROM image to its virtual CD-ROM drive, boot and follow the installer's instructions. Select an advanced install, and make sure to deselect all X11 components (i.e., ”Debian desktop server”).

When setting up the networking, make the first Ethernet adapter bridged (it will be used for communicating with Dropbox servers) and the second one host-only (it will be used for communicating with the host). Give the host-only interface a static IP address; to do this, use ifconfig on the host to check what IP address the host-only interface vboxnet0 has, and give it one adjacent to it; i.e., if vboxnet0 is 192.168.62.1, set the VM's host-only interface to be 192.168.62.2. (The bridged adapter uses the default options.)

Once Debian is installed, and the VM has booted to a log-in prompt, log in as root and reconfigure the grub bootloader to boot immediately into the VM, without presenting a menu; this will shave five seconds off the startup time. To do this, edit /etc/default/grub on the VM, and change the GRUB_TIMEOUT line to read:

GRUB_TIMEOUT=0

Then, run update-grub from the root shell.

Installing Dropbox on the VM

Before you install Dropbox, make sure that the VM has a user with the same numeric UID as your user account on the host; this is important for permissions to be preserved across the NFS link. Once this is done, change to this user and perform all the following commands as this user; even in a VM, Dropbox should not run as root.

To download the Dropbox client, make sure you're in the Dropbox user's home directory, and enter the following command:

Make sure the script is executable (chmod +x /etc/init.d/dropbox), and check if it starts/stops Dropbox; then reboot the VM and make sure that Dropbox is running when it has booted.

Installing the NFS server

Now that we have Dropbox working in the VM, we need a means to access the files from the host; for this, we will install a NFS server on the VM, configure it to export the Dropbox directory, and then mount it on the host; first, install the NFS server software; log into the VM as root and do the following:

apt-get install nfs-kernel-server nfs-common

Then we need to add a line to /etc/exports, specifying the directory to export, and the IP address of the NFS client that may connect to it; the line should look something like:

/home/USER/Dropbox 192.168.62.1(rw,root_squash,sync,no_subtree_check)

(replacing /home/USER/Dropbox with the path of the Dropbox directory on the VM, and 192.168.62.1 with the IP address associated with the vboxnet0 interface on the host.)

Restart the server with /etc/init.d/nfs-kernel-server restart. Then, on the host, add a line to /etc/fstab, mounting the VM's Dropbox directory over an existing mount point, possibly like:

192.168.62.2:/home/USER/Dropbox /home/USER/Dropbox nfs defaults 0 0

Then mount it and see if it appears; it should do so, giving you a readable and writable Dropbox directory visible on the host machine.

Starting the VM at boot time

One final step remains: we want the VM we have just created to be started when the host machine is booted, so that Dropbox is available immediately. We do this using VirtualBox's VBoxManage command; at start time, we use its startvm subcommand, specifying that the VM is to be of type headless. We also have to handle the case of shutting the machine down; though, in that case, we can merely suspend it, saving its state. To do this, we create a file in /etc/init.d (let's call it /etc/init.d/VMs), similar to the one described here, which will do this. It will look like:

Then reboot your host and check that everything works. If it does, the VM should come up (ping to its IP address should work), the Dropbox directory should be mounted, and files in it should appear and be writable. If so, congratulations: you now have a locked-down Dropbox client accessible from your Linux box.

(Of course, this only protects your Linux box from Dropbox, and does nothing to protect the files you place in your Dropbox; for that, you may want to use some combination of common sense and/or encryption.)

There are no comments yet on "Dropbox for paranoiacs"

Want to say something? Do so here.

Post pseudonymously

Display name:

URL:(optional)

Post using your Facebook ID

To prove that you are not a bot,please enter the text in the image on the rightin the field below it.

Your Comment:

Please keep comments on topic and to the point. Inappropriate comments may be deleted.

Note that markup is stripped from comments; URLs will be automatically converted into links.